Another interesting tool was drawn to my attention yesterday - Chrome Extension Exploitation Framework or XSS ChEF, which exploits XSS vulnerabilities in Chrome extensions. What you can acctualy do with this tool (when you have appropriate privileges):